Tomiris Cyberattacks Target Government Officials and Diplomats

A new wave of cyberattacks by the Tomiris group has been discovered, targeting government officials and diplomats across a region. The group, known for focusing on high-value political targets, has shifted to more advanced methods to hide its tracks, including using popular apps like Telegram and Discord to control infected computers. A report by Kaspersky reveals that the threat actor launched a sophisticated campaign in early 2025, using phishing emails disguised as official government correspondence. The emails contain password-protected archives with malicious programs that infect computers when opened. Tomiris writes its tools in various programming languages, which makes detection harder. The group also communicates with infected machines via legitimate public services, blending malicious activity with regular network traffic. The campaign primarily targets a specific language group, with over 50% of phishing emails written in that language. Security experts warn of the group's focus on stealth and long-term spying, and urge organizations to scrutinize network traffic for subtle signs of compromise.
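One way to act on the advice to scrutinize traffic to these services is to check which local process opens each connection, not just the destination. The sketch below is an added example, not taken from the Kaspersky report; the log format, workstation and process names, the expected-process allowlist and the watched hostnames are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: public hosts of the two services named in the report.
WATCHED_SUFFIXES = ("api.telegram.org", "discord.com", "discordapp.com")
# Assumption: processes expected to reach these services in this environment.
EXPECTED_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe",
                      "telegram.exe", "discord.exe"}

# Constructed sample records: timestamp, workstation, process, destination, bytes sent.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z WS-014 chrome.exe discord.com 1820
2025-01-01T09:00:07Z WS-014 updater.exe api.telegram.org 412
2025-01-01T09:05:07Z WS-014 updater.exe api.telegram.org 398
2025-01-01T09:10:07Z WS-014 updater.exe api.telegram.org 9750
2025-01-01T09:11:30Z WS-022 telegram.exe api.telegram.org 2210
2025-01-01T09:12:02Z WS-031 svc_host.exe cdn.discordapp.com 640
malformed line
2025-01-01T09:13:00Z WS-031 chrome.exe example.org 300
"""

def is_watched(dest):
    """True if dest is a watched host or a subdomain of one (not a look-alike)."""
    dest = dest.lower().rstrip(".")
    return any(dest == s or dest.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_unexpected_clients(log_text):
    """Aggregate watched-service connections made by processes outside the allowlist."""
    hits = defaultdict(lambda: {"count": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip records that do not match the assumed format
        _ts, host, process, dest, sent = parts
        if is_watched(dest) and process.lower() not in EXPECTED_PROCESSES:
            entry = hits[(host, process.lower())]
            entry["count"] += 1
            entry["bytes_out"] += int(sent)
    return dict(hits)

if __name__ == "__main__":
    for (host, proc), stats in sorted(find_unexpected_clients(SAMPLE_LOG).items()):
        print(host, proc, stats)
```

Grouping by workstation and process shows repeated contact from a binary that has no business talking to a messaging service, which a destination-only view would hide among ordinary user traffic.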

Latest mentioned: 11-29
Earliest mentioned: 11-28